CVE-2020-15900
Description
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The rsearch calculation for the post size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.139
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Ghostscript 9.50 | Windows |
| Vulnerabilities CVE-2020-15900,CVE-2021-3781 are affected in Ghostscript 9.52 | Windows |
| SUSE-SU-2020:2097-1(SUSE Linux Enterprise Server 12-SP5 ) ghostscript-9.52-23.39.1.x86_64.rpm | Linux |
| SUSE-SU-2020:2097-1(SUSE Linux Enterprise Server 12-SP5 ) ghostscript-debuginfo-9.52-23.39.1.x86_64.rpm | Linux |
| SUSE-SU-2020:2097-1(SUSE Linux Enterprise Server 12-SP5 ) ghostscript-debugsource-9.52-23.39.1.x86_64.rpm | Linux |
| SUSE-SU-2020:2097-1(SUSE Linux Enterprise Server 12-SP5 ) ghostscript-x11-9.52-23.39.1.x86_64.rpm | Linux |
| SUSE-SU-2020:2097-1(SUSE Linux Enterprise Server 12-SP5 ) ghostscript-x11-debuginfo-9.52-23.39.1.x86_64.rpm | Linux |
| PostScript and PDF interpreter (USN-4445-1) libgs9_9.50~dfsg-5ubuntu4.1_i386.deb | Linux |
| PostScript and PDF interpreter (USN-4445-1) libgs9_9.50~dfsg-5ubuntu4.1_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-4445-1) ghostscript_9.50~dfsg-5ubuntu4.1_i386.deb | Linux |
| PostScript and PDF interpreter (USN-4445-1) ghostscript_9.50~dfsg-5ubuntu4.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234